Chrome security warning for non-HTTPS logins

From January 2017, if your website and Perch login are not served over HTTPS, then when your clients come to log into Perch using Chrome they will be told their login is Not Secure.

This is part of Google’s drive to encourage people to serve sites over HTTPS, and is part of a longer term plan to mark all non-https sites as not secure.

If you use Chrome Canary, you will already see a warning in the Developer Tools Console on any page that this will apply to.

Warning in Canary Dev Tools

What should you do?

We would suggest that you serve your Perch Control Panel login, and ideally your entire website, over HTTPS. This would be a great time to have the conversation with your clients and hosting companies about doing this.

HTTPS is already a ranking signal for Google, and if you are hoping to move to HTTP/2 you will need to be serving your site over HTTPS to benefit. In addition there are a number of newer browser APIs that can only be used if your site is served over HTTPS.

What happens if you don’t move to HTTPS?

If your client is not going to move to HTTPS, or if you are not doing ongoing work on the site, we would suggest you contact them before January to warn them of the change and explain that nothing has changed with their Perch install. You could take this as an opportunity to explain to them about the benefits of moving to HTTPS over and above ensuring the security of their CMS login.